I also run a public Nostr relay: wss://n.ok0.org
For a few days now it has been the target of a really annoying Chinese asshole spammer, who is posting on repeat some shitty message + some QR code to donate crypto (go figure).
This motherfucker isn’t being subtle either, we’re talking a new spam note every minute or so.
To give you an idea of how committed these people are to shitting up the place:
- Every message is posted from a new npub (Nostr account), so banning that is completely pointless. You also can’t do shit to block it as a user, if your client isn’t smart enough to figure out it’s spam.
- He was initially repeating the same phrase so I banned that - every message now contains a random different phrase.
- I started banning his URLs - he now generates new ones often.
- I banned all his shitty IPs (it’s likely a bot hosted off AWS free tiers or some shit), he keeps coming up with new ones.
I’m playing fucking whack-a-mole with this asshole and he knows it lol. The thing is, it’s actually really easy for me to solve the problem by making the relay whitelist only and forgetting about it.
I could also ban notes in written in Chinese, for example.
The only reason he can even spam it to begin with is because I’m trying to run a free relay that anyone can use, including his fellow countrymen. You know, freedom and all that shit Nostr promises. What a piece of shit.
Is he using any keyword(s) to describe his spam/ scam that you could block?
Another alternative would be to use the paid relay method, but with open access. Allow all to read, but tell people to send a note or dm to be added to an allow list. I think new accounts should have a WOT score that is low enough that you wont see the posts as long as your client wont see the requests unless they have previous posts so auto generating new accounts like this wont work (maybe).
FYI I don’t think all the spam is actually for the purpose of spam so much as it is to specifically attack the free relays and people who use them to add value to paid relays.
He used to repeat some keywords, but he figured out I block them so now he’s made it so every message has entirely different text on it:
Again each message is from a different npub so there’s nothing to ban either. He reuses the same bio shit but the relay doesn’t get that info/doesn’t check for that when it receives a note so I can’t use that.
I’ve been going for the URLs but he will just generate a new one. Right now I’ve banned imgur entirely (from what I can tell everyone else is using nostr client image storage anyway, I can live with some false positives) - this seems to have stopped him for now.
The IPs he posts from are some kind of VPN or client or some shit, starting to block those also dropped the vast majority of the legitimate asian traffic. The dip you see was me cracking down on them, and then me turning the tap back on earlier when I decided to just ban imgur instead:
I think some clients won’t show his shit, but I know Amethyst does. Most likely nobody ever checks global anyway. My plan is to keep going after his image storage if he changes from imgur.
I agree, I think there are people who want to specifically shit on free relays to promote paid ones as you say. I really don’t want to run a paid relay, in fact I would sooner just make the relay invite-only. I have nothing against money, but getting paid for a service changes the dynamic.
Off topic: What is the software that generates this firewall graph?
It’s called Munin: http://munin-monitoring.org/
It’s included in most linux repos, I use it to keep an eye on what my VMs are doing.
